Peter Sakaris CISSP Booz Allen Hamilton, 1299 Farnam Street Suite 1230, Omaha, NE 68102 402-232-3829 Office The Insider Threat.

Slides:



Advertisements
Similar presentations
ODNR Officer Support Team. Purpose The ODNR Support Program is a service for ODNR officers and their families. The program provides confidential assistance.
Advertisements

Counterintelligence Indicators Presented by Jerome Smith, Facility Security Officer, LAI/EES.
Montana Department of Justice Human Trafficking in Montana October 2013 Attorney General Tim Fox.
What is Insider Threat? “Potential damage to the interests of an organization by a person(s) who is regarded, falsely, as loyally working for or on behalf.
Approvals 1. 2 Chg #DateChangeSlide #Completed ByReason 18/9/2013From G Washington to B Arnold12Chris OWrong threat profile.
An introduction to Child Protection and Safeguarding
A Combat Support Agency 11 Tim Sullivan Chief of Security Defense Information Systems Agency 7 May 2009 Security Clearances A Combat Support Agency Defense.
F ACILITY S ECURITY Presented by: Dela Williams. 2.
© 2008 Carnegie Mellon University Preventing Insider Threats: Avoiding the Nightmare Scenario of a Good Employee Gone Bad Dawn Cappelli October 31, 2008.
INTRODUCTION o DISCUSS ADOPTION OF FRAUD AND THEFT POLICY o ASSIGNS RESPONSIBILITY FOR REPORTING FRAUD AND THEFT o PROVIDES GUIDELINES FOR INVESTIGATIONS.
Espionage Indicators Updated 08/21/13 U.S. Department of Commerce Office Of Security (OSY) Security is Everyone's Responsibility 1 Briefing.
Section Nine: Reporting Requirements Note: All classified markings contained within this presentation are for training purposes only.
© Carnegie Mellon University The CERT Insider Threat Center.
Espionage Indicators Briefing 1 U.S. Department of Commerce
10/27/20111 Initial Security Indoctrination DoD. 10/27/20112 The protection of Government assets, people and property, both classified and controlled.
Overview of Joe B. Taylor CS 591 Fall Introduction  Thriving defense manufacturing firm  System administrator angered  His role diminished with.
Engineering Secure Software. Lottery Story A Threat We Can’t Ignore  Documented incidents are prevalent Carnegie Melon’s SEI has studied over 700 cybercrimes.
The need for good ethics and integrity as part of every SafiSan Project Water Services Trust Fund ETHICS AND INTEGRITY AT THE WORK PLACE.
McGraw-Hill/Irwin 2010 Modified by Jackie Kroening 2011 MAINTAINING A PRODUCTIVE WORKPLACE Chapter 18.
Gambling Abuse and College Students
© 2003 Prentice-Hall, Inc. 1 Chapter 6 Police Management.
Security Education and Awareness Security 101 February 28, 2007 JSAC.
1 Counterintelligence & The Insider Threat An Enterprise Operations Counterintelligence Presentation Presented by: Ralph Butler SSC Counterintelligence.
Defensive Travel Briefing Cheryl L. Wieser Regional Security Officer US Department of Commerce (206) (206) Fax Updated 10/03/11 Security.
Cleared Employee Reporting Requirements. Reporting Regulations  Defense Security Service (DSS)  The National Industrial Security Program Operating Manual(NISPOM)1-300.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.
Social Media in the Workplace MEGAN QUIRK, ATTORNEY AT LAW.
9/15/20151 Initial Security Indoctrination. 9/15/20152 Agenda Physical Security Personnel Security Information Security Information Assurance Public Release.
The Impaired Healthcare Worker Lake Regional Health System.
OFFICE OF THE UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE CI & SECURITY DIRECTORATE, DDI(I&S) Valerie Heil August 12, 2014 UNCLASSIFIED NISPOM Update.
Intro to Business CHAPTER TWO The New Ethical Environment.
University of Louisiana at Monroe DRUG FREE WORKPLACE POLICY.
THREAT AWARENESS. 1 What is “Threat”? Adversary with intent and capability to act against friendly interests. Other countries Business competitors Criminals.
Information Warfare Playgrounds to Battlegrounds.
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
CENTRA T ECHNOLOGY, I NC. 1 5 Steps To Protect Your Company Katherine D. Mills CENTRA Technology, Inc. Insider Threat:
CODE OF CONDUCT TRAINING. We conduct our global business honestly, ethically and legally, believing that good ethics is good business. The Company’s Philosophy.
Salary Possibilities Newly assigned Special Agents start at a yearly salary of $43,441, or also recognized as a GS-10, plus multiple other pay increases.
Information Assurance / Information Security / Network Security What High School Counselors Should Know Ken Crockett Director, Critical Infrastructures.
University of Louisiana at Monroe Violence in the Workplace.
Dealing with Conflict chapter 12. Behaviors when dealing with a diversity of people: Passive Behavior Aggressive Behavior Passive-Aggressive Behavior.
Sample only Order at Security Awareness Training A threat awareness briefing. A defensive security briefing. An overview of the.
Creating an Insider Threat Program.
SECURITY BRIEFING A threat awareness briefing A defensive security briefing An overview of the security classification system Employee reporting obligations.
Information Warfare Playgrounds to Battlegrounds.
NISPOM Chapter 1 Basics General Requirements Reporting Responsibilities Steven Rivera, FSO July 10, 2013.
Working with the Impaired Nurse Sharon S. Parker ONA convention, 2015.
Insider Threat. CSCE Farkas2 Reading List The National Infrastructure Advisory Council’s (NIAC) Final Report and Recommendation on the Insider Threat.
Brown Bag Presentation: Insider Threats By Kevin McKeever.
1 FSTC’s 2008 Annual Conference On the Innovative Edge: Successful Strategies for Financial Services Industry Navigators The Financial Services Technology.
Information Protection The Personnel Security Program (PSP) & Supervisors’ Responsibilities Mr. Connolly.
National Direction of Education and Citizen’s Civic Formation (NDECCF) National Jury of Election (JNE) PERU.
Argonne Office of Counterintelligence Intelligence Analysis Division Argonne National Laboratory.
Media and Police: Bridges to the Community Karen L. Amendola, Ph.D. Police Foundation Institute for Integrity, Leadership, and Professionalism December.
Fraud Awareness Audit, Business & Technology Committee September 23, 2004.
By: Taysha Johnson. What is an insider threat? 1.A current or former employee, contractor, or other business partner who has or had authorized access.
Insider Threat Awareness
Overview of Joe B. Taylor CS 591 Fall Introduction  Thriving defense manufacturing firm  System administrator angered  His role diminished with.
Domestic and Family Violence - A workplace issue
Insider Threat Defense Security Service Wajih Harroum CI Special Agent
CHAPTER FOUR OVERVIEW SECTION ETHICS
Issues in Policing Chapter 7.
INSIDER THREAT AWARENESS
Initial Security Indoctrination
Threat Trends and Protection Strategies Barbara Laswell, Ph. D
Tips for Obtaining a Security Clearance
INTRODUCTION For years there have been attacks around the United States for sometimes now, which is unexpected. However; there have not been good restoration.
Engineering Secure Software
Accounting Information Systems & Computer Fraud
Presentation transcript:

Peter Sakaris CISSP Booz Allen Hamilton, 1299 Farnam Street Suite 1230, Omaha, NE Office The Insider Threat

Definition An insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization's network, system, or data and intentionally or unintentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems and/or compromised the physical security of the organization CERT,

Some important/potential indicators of an insider threat. Greed/ financial need, Vulnerability to blackmail, Compulsive and destructive behavior, Rebellious, or passive aggressive behavior, Ethical “flexibility”, Reduced loyalty Entitlement – narcissism (ego/self-image) Inability to assume responsibility for actions Intolerance of criticism Pattern of frustration and disappointment Source: Combating the Insider Threat 2 May 2014 DHS, Indicators

Of those who have committed espionage since 1950: More than 1/3 had no security clearance Twice as many “insiders” volunteered as were recruited Naturalized U.S. citizens Most recent spies acted alone Nearly 85% passed information before being caught Out of the 11 most recent cases, 90% used computers while conducting espionage and 2/3 used the Internet to initiate contact Commonalities

Works odd hours without authorization Notable enthusiasm for overtime, weekend or unusual work schedules Unnecessarily copies material, especially if it is proprietary or classified Signs of vulnerability, such as drug or alcohol abuse, financial difficulties, gambling, illegal activities, poor mental health or hostile behavior. Be on the lookout for warning signs among employees such as the acquisition of unexpected wealth, unusual foreign travel, irregular work hours or unexpected absences Behavioral Indicators

Lone Wolfe Phenomenon

Vet everyone and every entity that can or does have access to internal networks from the outside or physical spaces Outward facing security combined with seamless security Specific program developed depends upon organizational culture but general of security principles apply Culture and process are important concepts Program Development

Insider Threat Program Development Culture of the organization must encourage reporting Reporting mechanism must be clear and concise. Who do I call? Anonymity must be guaranteed Awareness and Training activities –Discussion: policies, resources, and reporting methods –Role playing –Seminars

References US CERTUS CERT, SEI, at Carnegie-Mellon University Department of Homeland Security Secret Service Federal Bureau of Investigation (CI and Cyber)CICyber National Insider Threat Task Force National Insider Threat Task Force (USD(I)) Defense Security ServiceDefense Security Service (IS and CI)

Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.